ClickHouse/tests/integration/test_kerberos_auth/test.py

92 lines
2.2 KiB
Python
Raw Normal View History

import pytest
from helpers.cluster import ClickHouseCluster, is_arm
if is_arm():
pytestmark = pytest.mark.skip
cluster = ClickHouseCluster(__file__)
instance1 = cluster.add_instance(
"instance1",
main_configs=["configs/kerberos_with_keytab.xml"],
user_configs=["configs/users.xml"],
with_kerberos_kdc=True,
)
instance2 = cluster.add_instance(
"instance2",
main_configs=["configs/kerberos_without_keytab.xml"],
user_configs=["configs/users.xml"],
with_kerberos_kdc=True,
)
2022-12-22 08:07:16 +00:00
instance3 = cluster.add_instance(
"instance3",
main_configs=["configs/kerberos_bad_path_to_keytab.xml"],
user_configs=["configs/users.xml"],
with_kerberos_kdc=True,
)
2022-12-26 11:56:45 +00:00
client = cluster.add_instance(
"client",
main_configs=["configs/kerberos_without_keytab.xml"],
user_configs=["configs/users.xml"],
with_kerberos_kdc=True,
)
# Fixtures
@pytest.fixture(scope="module")
def kerberos_cluster():
try:
cluster.start()
yield cluster
finally:
cluster.shutdown()
# Tests
2022-12-19 11:28:49 +00:00
2022-12-19 11:39:30 +00:00
def make_auth(instance):
2022-12-26 11:56:45 +00:00
instance_ip = cluster.get_instance_ip(instance.name)
client.exec_in_container(
["bash", "-c", f"echo '{instance_ip} {instance.hostname}' >> /etc/hosts"]
2022-12-26 11:56:45 +00:00
)
client.exec_in_container(
2022-12-19 11:28:49 +00:00
["bash", "-c", "kinit -k -t /tmp/keytab/kuser.keytab kuser"]
)
2022-12-26 11:56:45 +00:00
return client.exec_in_container(
2022-12-19 11:39:30 +00:00
[
"bash",
"-c",
2022-12-26 11:59:37 +00:00
f"echo 'select currentUser()' | curl --negotiate -u : http://{instance.hostname}:8123/ --data-binary @-",
2022-12-19 11:39:30 +00:00
]
)
2022-12-19 11:28:49 +00:00
def test_kerberos_auth_with_keytab(kerberos_cluster):
2022-12-19 11:39:30 +00:00
assert make_auth(instance1) == "kuser\n"
def test_kerberos_auth_without_keytab(kerberos_cluster):
2022-12-19 11:28:49 +00:00
assert (
2022-12-26 13:17:22 +00:00
"DB::Exception: : Authentication failed: password is incorrect, or there is no user with such name."
2022-12-19 11:39:30 +00:00
in make_auth(instance2)
2022-12-19 11:28:49 +00:00
)
2022-12-22 08:07:16 +00:00
def test_bad_path_to_keytab(kerberos_cluster):
assert (
2022-12-26 13:17:22 +00:00
"DB::Exception: : Authentication failed: password is incorrect, or there is no user with such name."
2022-12-22 08:07:16 +00:00
in make_auth(instance3)
)
assert instance3.contains_in_log("Keytab file not found")
if __name__ == "__main__":
cluster.start()
input("Cluster created, press any key to destroy...")
cluster.shutdown()